IBM Robotic Process Automation 21.0.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 227125.
A stack overflow vulnerability exists in the httpd service in ASUS RT-AX56U Router Version 3.0.0.4.386.44266. This vulnerability is caused by the strcat function called by “caupload” input handle function allowing the user to enter 0xFFFF bytes into the stack. This vulnerability allows an attacker to execute commands remotely. The vulnerability requires authentication.
It was discovered that LibreOffice incorrectly validated macro signatures.
If a user were tricked into opening a specially crafted document, a remote
attacker could possibly use this issue to execute arbitrary macros.
(CVE-2022-26305)
It was discovered that Libreoffice incorrectly handled encrypting the
master key provided by the user for storing passwords for web connections.
A local attacker could possibly use this issue to obtain access to
passwords stored in the user’s configuration data. (CVE-2022-26306,
CVE-2022-26307)
weechat-3.6-1.el8
add command “/item” to create custom bar items
add bar item “spacer”
add case conversion in evaluation of expressions with “lower:string” and “upper:string”
move detailed list of hooks from command “/plugin listfull” to “/debug hooks “
allow to remove multiple filters at once with command “/filter del”
allow to catch multiple signals in functions hook_signal and hook_hsignal
rename option “save” to “apply” in IRC command “/autojoin”
add support of RPL_HELPSTART, RPL_HELPTXT and RPL_ENDOFHELP (IRC messages 524, 704, 705, 706)
add support of PHP 8.2
many bugs fixed.
weechat-3.6-1.fc37
add command “/item” to create custom bar items
add bar item “spacer”
add case conversion in evaluation of expressions with “lower:string” and “upper:string”
move detailed list of hooks from command “/plugin listfull” to “/debug hooks “
allow to remove multiple filters at once with command “/filter del”
allow to catch multiple signals in functions hook_signal and hook_hsignal
rename option “save” to “apply” in IRC command “/autojoin”
add support of RPL_HELPSTART, RPL_HELPTXT and RPL_ENDOFHELP (IRC messages 524, 704, 705, 706)
add support of PHP 8.2
many bugs fixed.
weechat-3.6-1.fc36
add command “/item” to create custom bar items
add bar item “spacer”
add case conversion in evaluation of expressions with “lower:string” and “upper:string”
move detailed list of hooks from command “/plugin listfull” to “/debug hooks “
allow to remove multiple filters at once with command “/filter del”
allow to catch multiple signals in functions hook_signal and hook_hsignal
rename option “save” to “apply” in IRC command “/autojoin”
add support of RPL_HELPSTART, RPL_HELPTXT and RPL_ENDOFHELP (IRC messages 524, 704, 705, 706)
add support of PHP 8.2
many bugs fixed.
weechat-3.6-1.el9
add command “/item” to create custom bar items
add bar item “spacer”
add case conversion in evaluation of expressions with “lower:string” and “upper:string”
move detailed list of hooks from command “/plugin listfull” to “/debug hooks “
allow to remove multiple filters at once with command “/filter del”
allow to catch multiple signals in functions hook_signal and hook_hsignal
rename option “save” to “apply” in IRC command “/autojoin”
add support of RPL_HELPSTART, RPL_HELPTXT and RPL_ENDOFHELP (IRC messages 524, 704, 705, 706)
add support of PHP 8.2
many bugs fixed.
It was discovered that the framebuffer driver on the Linux kernel did not
verify size limits when changing font or screen size, leading to an out-of-
bounds write. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2021-33655)
Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation
in the Linux kernel did not provide sufficient randomization when
calculating port offsets. An attacker could possibly use this to expose
sensitive information. (CVE-2022-1012, CVE-2022-32296)
Norbert Slusarek discovered that a race condition existed in the perf
subsystem in the Linux kernel, resulting in a use-after-free vulnerability.
A privileged local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2022-1729)
It was discovered that the device-mapper verity (dm-verity) driver in the
Linux kernel did not properly verify targets being loaded into the device-
mapper table. A privileged attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2022-2503)
Domingo Dirutigliano and Nicola Guerrera discovered that the netfilter
subsystem in the Linux kernel did not properly handle rules that truncated
packets below the packet header size. When such rules are in place, a
remote attacker could possibly use this to cause a denial of service
(system crash). (CVE-2022-36946)
Several vulnerabilities have been discovered in the ISC DHCP client,
relay and server.
Evgeny Vereshchagin discovered multiple vulnerabilities in D-Bus, a
simple interprocess messaging system, which may result in denial of
service by an authenticated user.
